WebDAV

WebDAV is a method for allowing remote access to local folders via an HTTP-based web browser. In other words, an HTTP-based file server is created (using the Apache2 server platform in these examples, since the Apache2 webserver has a built-in WebDAV module).

This can be combined with user authentication (using LDAP or a number of other password mechanisms).

WebDAV Server Installation

Install Apache webserver

Apache2 must be installed, either alone or as part of a LAMP server.

sudo apt-get install apache2

or

sudo apt-get install tasksel
sudo tasksel install lamp-server

Open your firewall

Remember, WebDAV is an HTTP server. The incoming default HTTP and/or HTTPS ports (80 and/or 443) should be open to the server. It is, of course, also possible to use custom ports by changing the allowed incoming ports in the firewall, the virtual host configuration file, and, of course, the URL used to reach the WebDAV server.

Enable the Apache2 WebDAV modules

Enable the dav and dav_fs modules:

sudo a2enmod dav_fs

Restart Apache2:

sudo /etc/init.d/apache2 restart

Create a folder for WebDAV use

There are two options:

Create a WebDAV directory in the /var/www folder:

sudo mkdir /var/www/WebDAV1

or

Create a WebDAV directory in the /home/user/ (also known as ~/) folder and create a symbolic link:

mkdir ~/WebDAV1
sudo ln -s ~/WebDAV1 /var/www/

Create a subdirectory for files:

mkdir /var/www/WebDAV1/files

Note: In the next several steps, file/folder ownership and permissions can also be adjusted from a File Manager (such as Dolphin in Kubuntu or Nautilus in Ubuntu) as root:

sudo dolphin

or

sudo nautilus

Make sure the owner of whichever WebDAV folder was created (and its subfolders, using the -R recursive switch) is www-data (the user ID for Apache2) and the group is that of your user ID (or, alternatively, root):

sudo chown -R www-data:user /var/www/WebDAV1

or

sudo chown -R www-data:user ~/WebDAV1

Alternatively you could create a webdavuser group so that some group of local users could access the files locally (instead of through WebDAV). Add the individual users to that group and use webdav as the group instead of a single user (or root), for example:

sudo chown -R www-data:webdav /var/www/WebDAV1

To allow files in the WebDAV folder (and its subfolders, using the -R recursive switch) to be Read/Write but not eXecutable (which may be a security risk on some servers):

sudo chmod 664 -R /var/www/WebDAV1

or

sudo chmod 664 -R ~/WebDAV1

Some users find that broader permissions may be required, and instead allow Read/Write/eXecute for the Owner / Group (but not all users):

sudo chmod 770 -R /var/www/WebDAV1

or

sudo chmod 770 -R ~/WebDAV1

Create or edit the virtual host file

Edit the virtual host (vhost) file used for the URL through which WebDAV will be accessed (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):

sudo kate /etc/apache2/sites-available/mydomainhost

where mydomainhost is the name of the virtual host configuration file used for your URL. If you are using the default virtual host file, edit that one.

Add the line

Alias /webdav1 /var/www/WebDAV1/files

so that accessing the WebDAV folder using the URL

http://myhost.mydomain.org/webdav1

will forward to the correct folder (/var/www/WebDAV1) on the computer.

In this example, the WebDAV server is on the primary server, so the URL is the same as that of the primary server (and would be accessed from http://myhost.mydomain.org/webdav1). The primary server's IP address on the LAN (in this example) is 192.168.0.155, so to access it from the LAN, this address could also be used: http://192.168.0.155/webdav1.

Note: I personally use chmod 460, which does not allow the www-data owner to write to the file (only read permissions are allowed). Only members of the local group user can read/write to the file using this chmod 460 setting.

Testing WebDAV

Install cadaver, a command-line WebDAV client:

sudo apt-get install cadaver

Test if WebDAV works:

cadaver http://localhost/webdav1/

You should be prompted for a user name. Type in testuser and then the password for testuser. If all goes well, you should be granted access which means WebDAV is working ok. To leave the WebDAV shell, type quit:

Note: I personally use chmod 460, which does not allow the www-data owner to write to the file (only read permissions are allowed). Only members of the local group user can read/write to the file using this chmod 460 setting.

Enable WebDAV lock

Although optional, the lock database prevents multiple users from overwriting the same file simultaneously.

Create a global Apache2 configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):

sudo kate /etc/apache2/conf.d/webdav

and add the single line:

DavLockDB /var/lock/apache2/DAVLock

It may be necessary to also add this line to the dav_fs configuration file:

sudo kate /etc/apache2/mods-available/dav_fs.conf

This directive indicates that the locking database files will be named DAVLock by the dav_lock module. These database files will be stored by Apache in the /var/lock/apache2 folder.

By default, Apache2 allows a WebDAV client to set the file lock time. Many WebDAV clients, for example, impose a file lock time of 2 minutes. A longer lock time can optionally be imposed by the WebDAV server by adding an additional line:

DAVMinTimeout 5

where in this example the minimum file lock time is set to 5 minutes for all clients. (The default is DAVMinTimeout 0, which indicates that no minimum file lock time is imposed by the server and it is left up to the individual WebDAV clients).

Enable the Apache2 dav_lock module:

sudo a2enmod dav_lock

Restart Apache2:

sudo /etc/init.d/apache2 restart

Multiple WebDAV servers on a LAN using a single IP address and router

Note: This section is undergoing editing.

To run multiple servers (including WebDAV servers) on multiple computers on a LAN using only a single IP address and router, see this solution using reverse proxies in Apache.

Each server should have a unique WebDAV folder name. Instead of using WebDAV1 and webdav1, different names, such as WebDAV2 and webdav2, WebDAV3 and webdav3, WebDAV4 and webdav4, etc., should be used on each of the individual computers.

Each computer's WebDAV folder would then be reached by its own unique label, e.g.

http://myhost.mydomain.org/webdav1

or

http://myhost.mydomain.org/webdav2

or

http://myhost.mydomain.org/webdav3

Alternatively, if each computer has its own unique URL, the unique URL can be used. Adjust the reverse proxy virtual host file (on the primary server that acts as the proxy/reverse proxy to the other servers) accordingly in order to enable this.

This does not always work and a lot of troubleshooting and trial and error is needed to perfect rewrite rules. Sometimes a more relaible method is to just use the RedirectMatch rule with the actual LAN IP address of the second server.

Here is a detailed example, although there are many ways to accomplish this.

On the primary server of the LAN (the one to which the router initially directs port 80 traffic), make sure the proxy/reverse proxy modules of Apache2 are enabled and then restart Apache:

This example assumes the primary server has its own set of WebDAV folders (as in the steps outlined above), labeled webdav1/WebDAV1.

Duplicate the steps for the second server, substituting webdav2 and WebDAV2 in each step.

On the primary server, edit the virtual host file for the primary URL (e.g. /etc/apache2/sites-available/mydomainhost) by which the LAN is reached (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):

This example assumes, of course, that the second server is located on the LAN at IP address 192.168.0.156. This ensures that the newly transformed URL gets sent to the correct IP address on the LAN. This is the proxy function of the first server. (It also specifies the reverse process.)

While this method is not required, it allows the second WebDAV server to be accessed from another computer on the LAN either by http://myhost.mydomain.org/webdav2 or by http://webdav2.mydomain.org. Using this method, by editing only the virtual host file on the primary server (that acts as proxy), access to the secondary WebDAV server can be selectively restricted to the LAN only or can be enabled for complete access from the Internet at large.

WebDAV with LDAP

Note: This section is undergoing editing.

If an LDAP server exists already, you can use the Apache2 mod_authnz_ldap module.

Do you intend to place each person's website in a separate directory below the common DAV root? If so, you'll probably want to limit access to each directory to its specific user for security. An .htpasswd file in each directory is the easiest solution, but it's safer to put all the access rules in the global WebDAV configuration file located in the /etc/apache2/sites-enabled folder.

WebDAV Clients

Dolphin

The Dolphin File Manager used in the KDE desktop of Kubuntu has built-in WebDAV support. A folder on a WebDAV server can be accessed directly by entering its location in the location bar. Examples:

webdav://localhost/webdav1

or

webdav://myhost.mydomain.org/webdav1

Note that a location can be made a permanent folder in Dolphin by right-clicking on the leftmost Places panel --> Add entry... -> Location: webdav://localhost/webdav1

Dolphin uses the same network proxy settings as Konqueror (or Rekonq). If there is trouble connecting to an online webdav folder, so that this error appears:

Could not connect to host:
subhost.host.org:
Connection to proxy refused.

then check the Network Settings (or the proxy settings of Konqueror/Rekonq) and then make sure that Konqueror/Rekonq connects to the Internet successfully.

Of course, if you are using a proxy, make sure that the proxy settings are correctly specified and that the proxy is working. When Konqueror (or Rekonq) connects successfully to the Internet, so should Dolphin.

Nautilus

The Nautilus File Manager used in the Gnome desktop of Ubuntu has built-in WebDAV support. A folder on a WebDAV server can be accessed directly.

Windows

Creating passwords for Windows clients

Some Windows clients (including Windows Explorer in XP) append the URL of the WebDAV folder to the user name. For example, when a WebDAV request is made by testuser3 to the WebDAV server at http://myhost.mydomain.org/webdav1, Windows will send a request for access as myhost.mydomain.org\testuser3. To accommodate this behavior, additional user accounts in the Windows format must be added to the password file on the WebDAV server. Note the extra \ .

Note: There is a bug in the Windows WebDAV redirector when used with Digest Authentication. (See this tutorial for more details.) A workaround entails mapping the WebDAV folder to a drive letter using the command line. This can only be done in a Windows computer that has just been booted.

Mount the WebDAV folder to a Windows drive letter with the Net use command. Enter the following into the Windows Start menu -> Run... command line:

A specific drive letter (such as W:) can be used instead of the *. The * option specifies to mount the resource to the next available Windows drive letter.

To make the mapping permanent, add the option /persistent:yes

A (.bat) batch file can be created that contains this net use command. A Windows shortcut to this batch file can then be placed in the Windows Start menu -> Programs -> Start folder. This will run the net use command (from the batch file) at every bootup (following the start of all basic services). The batch file may need to address the net command by its absolute folder location: